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A WIRELESS MOBILE PHONE WITH AUTHENTICATED MODE OF 
OPERATION INCLUDING PHOTO BASED AUTHENTICATION 



FIELD OF THE INVENTION 



5 



The present invention relates to the field of wireless nnoblle phones. More 



specifically, the present invention Is related to a wireless mobile phone having an 
authenticated mode of operation available only to an authenticated user, in 
particular, a user authenticated via a photograph of the user's. 



Advances In microprocessor and telecommunication technology have led 
to wide spread deployment and adoption of mobile devices, such as wireless 
mobile phones. For wireless mobile phones, in addition to wireless telephony, 
the late models are often equipped with advanced capabilities, such as calendar, 

15 address bool<, access to the Worid Wide Web (WWW), emails, and so forth. 

Much of these functionalities are designed to increase the productivity of 
business users. As a result, it is not surprising that business users constitute a 
major user segment of wireless mobile phones, especially for the high-end 
function rich models. Increasingly, more business data, such as business 

20 contact information, business plans, sales/marketing strategies, financial reports, 
and so forth, are being stored on wireless mobile phones. 

However, unlike personal computers or other computing devices, where 
user authentication, through e.g. user log-in, are routinely provided with virtually 
all operating systems, few if any operating systems of wireless mobile phones 

25 provide means to authenticate users. As a result, under the prior art, wireless 
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mobile phones are at risk of unauthorized usage, as well as data being 
compromised by unauthorized accesses. 

Thus, it will be desirable if protection against unauthorized access of user 
data and/or usage of wireless mobile phones can be provided. 



BRIEF DESCRIPTION OF THE DRAWINGS 
The present invention will be described by way of exemplary 
embodiments, but not limitations, illustrated in the accompanying drawings in 
10 which like references denote similar elements, and in which: 

Figure 1 illustrates a front view of a wireless mobile phone incorporated 
. with the teachings of the present invention, in accordance with one embodiment; 
Figures 2-3 illustrate two architectural views of the wireless mobile phone 
of Fig. 1, in accordance with one embodiment: 
1 5 Figures 4a-4b illustrate the operational flow of the relevant aspects of the 

operating logic of Fig. 3, in accordance with one embodiment 

Figure 5 illustrates a frant view of another wireless mobile phone 
incorporated with the teachings of the present invention, in accordance with an 
alternate embodiment; 
20 Figures 6a-6b illustrate two perspective views of another wireless mobile 

phone incorporated with the teachings of the present invention. In accordance 
with yet another embodiment; 

Figures 7a-7b illustrate a front view and a side view of another wireless 
mobile incorporated with another aspect of the teachings of the present 
25 invention, in accordance with yet another embodiment; and 
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Figures 8a-8b Illustrate a front view and a back view of the Identity caitl of 
Fig. 7b in further detail, in accordance with one embodiment. 



DETAiLED DESC RIPTION OF EMBODIMENTS OF THE rNVENTIOiM 
The present Invention Includes a wireless mobile phone having an 
authenticated mode of operation, available only to an authenticated user, in 
particular, a user authenticated by a photograph of the user. 

Parts of the description will be presented In terms commonly employed by 
those skilled In the art to convey the substance of their work to others skilled in 
the art. The term "wireless mobile phone" as used herein (in the specification 
and in the claims) refers to the class of telephone devices equipped to enable a 
user to make and receive calls wirelessly, notwithstanding the user's movement, 
as long as the user is within the communication reach of a servtee or base station 
of a wireless network service provider. Unless specifically excluded, the tenn 
"wireless mobile phone" is to include the analog subclass as well as the digital 
subclass (of all signaling protocols). 

The temfis "photograph" and "photo" as used herein are synonymous, and 
are used Interchangeably. Unless the context specifically delineates the 
"photograph" or "photo" to a particular manifestation, the tenns are to include the 
physical manifestation of the photograph/photo, and/or the data 
structure/organization incarnation holding the data of the photograph/photo. 

In the following description, various aspects of the present Invention will 
be described. However, it will be apparent to those skilled in the art that the 
present invention may be practiced with only some or all aspects of the present 
inventfon. For purposes of explanation, specific numbers, materials and 



Attorney Docket No: 109909-132416 Express Mail No: 

IPGNo:P055Z EL692649042US 

configurations are set forth in order to provide a tliorough understanding of tiie 
present invention, l-iowever, it wilt be apparent to one sl<illed in the art that the 
present invention may be practiced without the specific details. In other 
instances, weli-l^nown features are omitted or simplified in order not to obscure 
5 the present invention. 

Various operations will be described as multiple discrete steps in turn, in a 
manner that is most helpful in understanding the present invention, however, the 
order of description should not be construed as to imply that these operations are 
necessarily order dependent. In particular, these operations need not be 
1 0 performed in the order of presentation. 

The phrase "in one embodiment" is used repeatedly. The phrase 
generally does not refer to the same embodiment, however, it may. The terms 
"comprising", "having" and "including" are synonymous, unless the context 
dictates othenA/ise. 

15 

Referring now fo Figures 1 and 3a-3b, wherein a front view and two 
architecture (internal component) views of a wireless mobile phone of the present 
invention, in accordance with one embodiment, are shown. As illustrated, 
wireless mobile phone 100 of the present invention (hereinafter, simply phone 

20 100) is advantageously provided with operating logic 240 equipped in particular 
with security function 242, to operate phone 100 in at least an unauthenticated 
mode of operation and an authenticated mode of operation. . 

While operating in the unauthenticated mode of operation, i.e. without 
having the user authenticated, operating logic 240 mal<es available only a limited 

25 or reduced set of functions, whereas under the authenticated mode of operation. 
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i.e. having the user authenticated, operating logic 240 makes available a more 
expanded or the entire set of functions. 

The exact constitution of the limited/reduced set of functions and the 
expanded/full set of functions Is application dependent, which may vary from 

5 embodiments to embodiments. In one embodiment, the limited/reduced set of 
functions Include only the ability to make an emergency call, such as a 91 1 call, 
othenAnse, no other functions, including but not limited to making other calls, 
accessing calendar, email, text messaging, viewing and/or storing documents, 
nomial taking of pictures/photographs, and so forth, are permitted. These other 

10 functions are available only under the authenticated mode, 

• In another embodiment, the limited/reduced set of functions may 
effectively be a null function set, excluding even the ability to make an 
emergency call, except for notification of the linauthenticated status of the user, 
and perhaps, inviting the user to authenticate himself/herself, by e.g. allowing a 

1 5 photograph of the user to be captured in real time. 

In various embodiments, in addition to the above described 
unauthenticated and authenticated modes of operation, operating logic 240 
further supports a provisioning mode of operation, under which phone 100 is 
initially provisioned. Under the initial provisioning mode, conventional 

20 provisioning, such as configuring phone 100 for a particular wireless carrier, a 
particular subscriber and so forth, may be perfomied. Entry into the initial 
provisioning mode may be effectuated in any one of a number of conventional 
approaches. 



25 phone 100 is further advantageously equipped with camera 132 (Including lens 
134) to facilitate taking of photographs (while operating in the authenticated 



Continue to refer to Figures 1 and 3a-3b, for the illustrated embodiment, 
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mode). However, in addition to its conventional use for tailing photograplis, 
operating logic 240, or more specifically, security function 242. is endowed to 
authenticate a user through a photograph of the user (prior to operating phone 
100 in the authenticated mode). 
5 In particular, as will be described in more detail below, operating logic 240, 

in general, is equipped to establish a reference photograph of a user for 
authentication purpose, and automatically Invokes camera 132 to capture a 
photograph of the user real time, during power on or reset Further, security 
function 242 is endowed to use the reference and the real time captured 
1 0 photographs of the user to authenticate the user, and determine whether to 
continue to operate phone 100 In an unauthenticated mode, or operate phone 
100 in an authenticated mode. 

In other words, under the present invention, operating logic 240 operates 
phone 100 in the authenticated mode, and makes available the expanded/full set 
15 of functionalities, only if the user has been authenticated by his/her photo. 
othenA^ise, phone 100 is operated in the unauthenticated mode with only a 
limited/reduced set of functionalities (except in the initial provisioning mode). 

For the embodiment, operating logic 240, more specifically, security 
function 242, also supports the taking of a photograph of the user, and its saving 
20 as a reference for subsequent analysis of a taken photograph to authenticate a 
user, before operating phone 100 in the authenticated mode. 

In various embodiments, the saving of the reference photograph is also 
supported under a special configuration mode, while operating in the 
authenticated mode. Entry into the configuration mode (while operating iri the 
25 authenticated mode) may also be effectuated in any one of a number of 
conventional means. 

# 
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Continuing to refer to Fig. 1 and 3a-3b, additionally, phone 100 includes 
conventional wireless telephony elements, including power switch 122, power 
222, audio communication elements, such as ear speaker 112 and microphone 
114, and non-audio communication elements, such as input key pad 102 having 
5 a number of alphanumeric input keys and display 108. Further, the non-audio 
input elements may further include scroll button 105. selection buttons 106, and 
"talk" and "end talk" buttons 104. These elements are disposed on various 
external surfaces of body 116. 

As illustrated in Fig. 3a. upon depression by a user (optionally, for a 
10 predetermined duration), while phone 100 is in a powered down or lower power 
state, power switch 122 couples power 222 to camera 132 and other 
components 202-212. Likewise, upon depresston by a user (optionally, for a 
predetermined duration), while phone 100 is in powered up state, power swHch 
122 cuts off or reduces power 222 to all or selected ones of camera 132 and 
15 other components 202-212. 

Extemally. phone 100 may also include antenna 110. Keys of key pad 
102 may be surrounded by, or othenMse include illuminable light emitting diodes 
(LED) in their backgrounds. For the purpose of the present specification, the 
terms "button" and "key" may be considered synonymous, unless the context 
20 cleariy indicates othenwise. 

Internally, In addition to processor 202 and DSP 204, phone 100 also 
includes non-volatile memory 206, general purpose input/output (GPIO) interface 
208. and transmit/receive (TX/RX) 212, coupled to each other, processor 202 
and DSP 204, via bus 214. and disposed on a circuit board 220. 
25 Except for the novel manner that many of these elements, such as 

processor 202. DSP 204 and so forth, are used in support of making the 
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expanded/full set of functionalities available only to an authenticated user, the 
enumerated elements otherwise perform their conventional functions known in 
the art. ^ 

Non-volatile memory 206 is employed to store programming instructions 

5 and optionally, working data. Including operating logic 240 and its security 

function 242. Working data may include callee/messaging party or parties (e.g. 
their phone numbers or IP addresses) with whom user may communicate. 
Working data may include the reference and input photographs of the user. 

Processor 202, assisted by DSP 204, is employed to operate phone 100, 

10 executing operating logic 240, including security function 242. 

Keys of key pad 102 may be employed to enter alphanumeric data, 
including entering a sequence of alphanumeric data for the phone number or 
address of a "callee". Selected sequence of the keys (such as "*#") may also be 
employed to denote a user instruction to return to the unauthenticated mode of 

15 operation, if entered while operating in the authenticated mode of operation, or to 
return to the authenticated niode of operation, if entered while operating in the 
unauthenticated mode of operation (provided the user is authenticated). 

Scroll key 105 and companion selection keys 106 may be employed to 
scroll and select various options or list items of various menu options or selection 

20 lists, including scrolling and selecting list items presented for user interactions to 
verify the user's wejlness. For the embodiment, scroll key 105 may be selected 
in one of two positions, an "up" position or a "down" position for scrolling a 
selection list In an "up" direction and a "down" direction respectively. Similariy, 
scroll and selection keys 105/106 may also be employed to select a menu Item to 

25 convey a user instruction to return to the unauthenticated mode, if the selection is 
made while operating in the authenticated mode, or to return to the authenticated 
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mode, if the selection is made wiiile operating in the unauthenticated mode 
(provided the user is authenticated). 

GPiO 208 may be employed to generate input signals, such as a 
corresponding "alphanumeric" signal In response to a user selection of one of the 
5 keys of key pad 102, a "scroll" signal" (or more specifically, a "scroll up" or a 
"scroll down" signals) in response to a user selection of scroll key 105, a 
"selection" signal in response to a user selection of select button 106, and so 
forth. 

TX/RX 212 may be employed to transmit and receive communication * 
1 0 signals for a call and/or a text message. TX/RX 212 may be a radio frequency 
transceiver, and support one or more of any of thp known signaling protocols, 
including but are not limited to CDIVIA, TDMA, GSM, and so forth. 

The constitutions of these elements are known, and will not.be further 
described. 

15 As to operating logic 240, including security function 242, it may be 

implemented In the assembly or machine instructions of processor 202, or a high 
level language that can be compiled into these assembly or machine languages. 
In alternate embodiments, ail or portions of operating logic 240, including security 
function 242 may be implemented in firmware and/or hardware. 

20 Accordingly, except for the enhancements provided, phone 100 othenvise 

represents a broad range of wireless mobile phones, including both the analog 
as well as the digital types (of all signaling protocols), substantially rectangular 
uni-body as Illustrated, or curved uni-body, as well as multi-portions, such as "flip 
phones" to be illustrated later. 
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Figure 4 illustrates the operatfonal flow of the relevant aspects of 
operating logic 240, in accordance with one embodiment As illustrated, on start 
up/reset (such as depression of power on/off button 122 for the required 
predetermined duration by a user), operating logic 240 enables phone 100 to 
5 operate in the earlier described unauthenticated mode, making available only a 
limited/reduced set of functionalities, blocl^ 402. Thereafter, operating logic 240 
waits for additional user input, block 404. 

Recall from earlier description, upon depression by a user, while phone 
100 is in powered down or low power state, power switch 122 couples power to 
. 10 camera 122 and other components 202-212 of phone 100. For the embodiment, 
on power on/reset, operating logic 230 causes camera 132 to automatically take 
a photograph of the objects in view. Resultantly, a photograph of an authorized 
user who is aware of the authentication requirement, and have properly position 
his/her face in front of the camera, would have a photograph of the user taken or 
15 captured In real time, for authentication. 

Accordingly, under tiie present invention, photograph based authentication 
is seamless integrated with the power on/reset process. 

While typically, the authentication process employs photographs that are 
front views of a user's face, in alternate embodiments, the present invention may 
20 be practiced with the authentication process employing photographs that are side 
views of a user's face, or other views. 

Continuing to refer to Fig. 4, on receipt of inputs, operating logic 240 
determines if the input is a photograph captured by camera 132 in real time 
(more specifically, by DSP 204, after it processes tiie signals output by camera 
25 132 Into a photograph), block 406. 
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If the user input is photograph, operating logic 240 (or more specifically, 
security function 242) further determines if phone 100 is operating in the 
unauthenticated mode, within the authenticated mode (including Whether it is 
within the configuration mode of th& authenticated mode), or the initial 
5 provisioning mode, block 407. 

If phone 100 Is detenmined to be operating in the authenticated mode, the 
processing is turned over to a camera function (not shown), which handles the 
photograph in an application dependent manner, block 408. In other words, the 
user is using camera 132 for its primary purpose, taking photographs/pictures for 
10 the user. 

If phone 100 Is determined to be operating in the configuration mode 
within the authenticated mode, or the Initial provisioning mode, operating logic 
240 (or more specifically, security function 242) saves the captured photograph 
as a reference photograph for future user authentication, block 408. 

15 If phone 100 is determined to be operating in the unauthenticated mode, 

operating logic 240 (or more specifically, security function 242) initiates the 
photograph based authentication process, authenticating the user.by comparing 
the real time captured photograph, against the previously saved reference 
photograph, block 409. 

20 If the photograph does not substantially match the previously saved 

reference photograph, block 410, operating logic 240 (or more specifically, 
security function 242) reports the authentication failure, block 412, and continues 
to operate phone 100 in the unauthenticated mode at block 404. 

However, if the inputted photograph substantially matches the previously 

25 saved reference photograph, block 410, operating logic 240 (or more specifically, 
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security function 242) enables phone 100 to operate in the authenticated mode, 
block 414. Thereafter, operating logic 240 continues operation at block 404. 

The precision level at which a real time captured photograph is to be 
considered substantially matching with a reference photograph is application 
5 dependent. Preferably, different user selectable precision levels are offered. As 
with other user selectable options, ttie selection may be facilitated in any one of a 
number of known user selection techniques. 

Back at block 408, If the input is determined not to be photograph input, 
operating logic 240 determines if the input is a user instruction to return to the 
10 unauthenticated mode of operation (e.g. a user selecting or inputting such 

command using alphanumeric keys 102 and/or scnDli/setect keys 105 and 106 
while operating in an authenticated mode of operation), block 416. 

If the input is determined to be a user instruction to return to the 
unauthenticated mode of operation, operating logic 240 (or more specifically, 
15 security function 242) returns phone 100 to operate in ftie unauthenticated mode, 
block 418. Thereafter, operating logic 240 continues operation at block 404. 

In one embodiment, before exiting to the unauthenticated mode, operating 
logic 240 (or more specifically, security function 242) causes a user selectable 
"resume" (i.e. re*authentication) option to be rendered on display 108. Selection 
20 of the option is processed as if phone 100 is being powered on or reset. That is, 
operating logic 240 automatically causes camera 132 to capture another 
photograph of the objects in view for authentication purpose. 

If the input is determined to be other user inputs, operating logic 240 
handles the other user inputs in an application dependent manner, block 420. In 
25 particular, if the input is a user instruction to return to the authenticated mode of 
operation, operating logic 240 continues operation at block 404, and awaits for 



13 



Attorney Docket No: 109909-132416 Eiqpiess NfoU No: 

IPGNo:P055Z EL69264<)nA?^^s 

another photograph input to re-authenticate the user. If the input is other 
conventional inputs, the inputs are processed as in the prior art. Thereafter, 
operating logic 240 continues operation at block 404. 

5 Figure 5 illustrates another embodiment of the wireless mobile phone of 

the present invention. More specifically. Fig. 5 illustrates a front view of the 
alternate embodiment. The alternate embodiment is substantially that of the 
embodiment of Fig. 1 , except that phone 100 is substantially rectangular in 
shape, whereas phone 500 has a curved shape. Also, camera 532 is disposed 
10 at a side of the front surface of body 51 6 of phone 500 instead. 

Figures 6a»6b illustrate yet another embodiment of the wireless mobile 
phone of the present invention. More specifically. Fig. 6a-6b illustrate two 
perspective views of the embodiment. The embodiment is also substantially that 

15 of the embodiments of Figs. 1 and 5, except that phone 100 is substantially 
rectangular, phone 500 has a curve shaped body, whereas phone 700 has a 
multi-section body. The multi-section form factor includes a first section 716b 
and a second section 716c, and the second section 716c is further comprised of 
at least two sub-sections 716d-7iee. The first and second sections 716b-7l 6c 

20 may pivot towards each other as denoted by direction arrow 706a or away from 
each other opposite to the direction denoted by arrow 706a. Sub-section 71 6d 
* may rotate relative to sub-section 71 6e as denoted by the directions denoted by 
arrows 706b. In other words, phone 700 may be considered as an improved 
version of what is commonly referred to as "flip" phones. 

25 Similar to the earlier described embodiments, phone 700 is provided with 

operating logic having a security function as eariier described, and camera 732. 



14 



Attoxney Docket No: 109909-132416 Express Mail No: 

IPGNo:P055Z EL692649042US 



Except, camera 732 is disposed at a front surface of upper section 716b of 
plione 700 instead. 

In alternate embodiments, second section 716c may be a uni-section. I.e. 
it is not further subKlivided into to relatively pivotabie sub-sections. 

5 

In yet other embodiments, the reference photograph may be provided to 
the wireless mobile phone in a secure manner, e.g. read from an identity card, 
via an identity card reader additionally provided to the wireless mobile phone. . 

Figures 7a-7b illustrate one such embodiment. As illustrated in Fig. 7b, 
10 wireless mobile phone 100 is additional endowed with an identity card reader 
740: Identity card reader 740 (optionally, assisted by a device driver additionally 
provided to supplement operating logic 240) is equipped to retrieve the earlier 
described reference photograph from identity card 742. 

Preferably, identify card 742 has a form factor that is difficult to forge, and 
15 its issuance is govemed by a secured process. Resuitantly, security for wireless 
mobile phone 100 is further enhanced. 

For the embodiment, identity card 742 comprises a smart electronic card 
744 (commonly referred to as a smart card) (see Fig. 8a-8b), and the reference 
photograph is pre-stored in the embedded smart card 744. Operating logic 240 
20 (optionally, supplemented by a corresponding reader device driver) retrieves the 
refierence photograph from embedded smart card 744, on detection of the 
presence of identity card 742. 

In various embodiments, the reference photograph may be further 
protected via encryption, requiring operating loigic 240 to posses the proper 
25 decryption key to recover the reference photograph gfler retrieval. 
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10 



In yet other embodiments, the reference photograph may be further 
protected via an authentication protocol, requiring wireless mobile phone 100 to 
be equipped with the appropriate credential to authenticate itself to smart card 
744, before being allowed by smart card 744 to access the pre-stored reference 
photograph in smart card 744. 

In yet other embodiments, the reference photograph may be Imprinted on 
identity card 742, and Identity card reader 720 is an optical reader. 

In yet still other embodiments, the reference photograph may be encoded 
via a magnetic strip disposed on a surface of identity card 742, and identity card 
reader 720 is a magnetic code reader. 

These are just a few example, other equivalent encoding/storing and 
reading/retrieving techniques may also be employed instead. 



Conclusion and Epilooue 
15 Thus, it can be seen from the above descriptions, a novel wireless mobile 

phone that can afford protection against unauthorized access to user data and/or 
usage of the phone has been described. 

While the present invention has been described in terms of the foregoing 
embodiments, those skilled in the art will recognize that the invention is not 
20 limited to the embodiments described. The present invention can be practiced 
. with modification and alteration within the spirit and scope of the appended 
claims. 

In particular, the present invention may be practiced with employing 
additional and/or other means to authenticate a user. 
25 Thus, the description is to be regarded as Illustrative instead of restrictive 

on the present invention. 
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